Distribution Statement: Distribution Limited to DoD and DoD Contractors Only
Disruption Tolerant Networking (DTN) Program
Phase 1 and Phase 2/3 Program
23 March 2006
Preston Marshal, Program Manager, [email protected]
703-696-5273
Disruption Tolerant Networking (DTN) Program Concept
[Figure: source and destination separated by disrupted areas; "Disruption Closes Connection" versus "Disruption Tolerant"]
• Packet traverses the net until blocked by a disruption
• When the disruption clears, the packet traverses the remainder of the route
• Packet arrives at destination. In an IP network, the packet would never have left the source
DTN's goal is to develop and demonstrate technology that will provide network services in the face of disruption and massive differences in delay and bandwidth, and to reduce demands on network resources by integrating storage into the network.
• End-to-end: severely disrupted by one bad link
• Custodian-to-custodian connections isolate disrupted regions
Military Need
• FCS Communications Position Reports used as the measure
• Highly favorable metric used: loss of 2 successive (1 sec interval) reports considered as disconnected
Relying on IP for tactical military networks is dangerous
• Episodically connected military MANETs see rapid topology changes
• Tactical radios know names, not destination addresses
• Tactical/edge military networks may be a mix of IP and non-IP radios
Wireless networks can be good for local connectivity, but often can't reach back to infrastructure
Local storage (caching) can create access to information after infrastructure connectivity is lost.
[Photo: FCS Vehicle, Ft. Benning 2006]
All Bandwidth is Not Equally Important
DTN Can Augment Existing Networks without Being Inserted into Topology
• Networks are not hierarchies of bandwidth, they are islands
• Bandwidth within islands is not as important as bandwidth between islands
• DTN augmentation within islands provides major performance benefits between islands
• Nodes can use local bandwidth to obtain DTN services, even if not on their own node
[Figure: bandwidth/reliability versus distance. Labels: GIG Fiber Core, 10 Gigabps highly reliable connectivity; Wireless Enclaves, 10 Megabps highly reliable connectivity; 64 Kilobps episodic connectivity. Campus analogy: similar to DARPA, highly reliable high speed (1 Gigabit) from servers on campus, several Megabits in and out to the Internet.]
DTN Network Persistence Can Solve Fundamental Internet Application Shortfalls
• DTN makes applications over disrupted networks robust
• DTN is also an opportunity to solve fundamental problems we've never before had a handle on, using network-managed persistence
• Access information by content or type rather than by network address: "I want maps for my area" instead of "I want to ftp to 192.168.4.17"
• Retrieve once, provide to local users as requested
• Learn from actual network usage
• Exploit in-network storage/caches and pub/sub protocols to create a dynamic and self-forming "Akamai"
• Use temporal security rather than physical security
[Figure: Temporal Security Model, time on the horizontal axis. Current: data decrypted at end system. DTN: data only decrypted for access.]
Today's Network: Push or Pull, Neither Optimal
[Figure: three panels, each showing a connected network and several users saying "I need a map"]
Multicast Push: data goes to everyone. Only one transfer, but data flows to everyone in the multicast group, not necessarily when or where the data is needed.
Conventional Pull: copies to every requestor. Only those who ask, get; but with delay; N requests use N times the bandwidth. Subsequent requests for the same data consume as much bandwidth with as much delay as the first request.
DTN resolves both inefficiencies: pulls one time, distributes locally to requestors.
[Chart: resources used to get data versus 1st, 2nd, 3rd ... requests for the same data]
DTN Phase 1 Results
• Demonstrated DTN vs. TCP with typical USMC wireless connectivity patterns (MITRE/CONDOR)
• Demonstrated Network Delivery (BBN)
• Demonstrated Trusted Delivery & Resistance to DDoS (Lehigh)
• Designed architecture: intrinsic ability of DTN to operate to the extremes of the network without segmenting to match network characteristics; a meta-architecture (MITRE/JPL)
• Potential to move this extensible framework to other building blocks of the network
• Have to adapt Cisco/Nortel/Lucent/Juniper behaviors
• Implemented experimental operating wireless DTN (GaTech/UMass)
Demonstrated DTN vs. TCP with USMC Wireless Connectivity Patterns
Demonstrated that DTN is Useful & Feasible, and that DTN can be Transitioned to COTS-based Military Systems
Consecutive 10-KByte file retrievals over 24 hours, using HTTP and DTN
[Chart: number of file transfers versus file retrieval time (seconds), HTTP and DTN]
[Chart: 10 KByte file transfers in 24 hours, HTTP 368, DTN 3580]
[Chart: abandoned 10-KByte file transfers in 24 hours, HTTP and DTN, bar values 0 and 115]
DTN Is A Deployable Technology With Massive Performance Benefits for DoD
[Testbed diagram: user, EPLRS, Cisco 3725, CONDOR Gateway, cable map, INMARSAT terminal, Cisco 2811, KG-250, DTN]
Completed
Phase 1 Go/NoGo Metric: Demonstrate DTN Network Performance in Disrupted Network & Evaluation Platform
Network changes faster than it updates; it is never static. IP would never have the correct topology and would fail in a conventional MANET.
For random link dynamics, at most 16 (out of 31) bi-directional links were up at any time
Hardware-in-the-loop emulation of actual DTN nodes
• Link characteristics: capacity 19.2 kb/s; delay 5 ms; MTU 1480 bytes
• Bundle traffic: size 2800 bytes; total originated 264
• Network transit time > 620 ms
• Link state transit time 4.3 s
• Mean time between link transitions ~5 s
• Run time: 3600 s
Go/NoGo criterion met for reliable delivery: DTN would have delivered all traffic given enough time
• 100% reliable delivery with
• 80% utilization over
• 20% available links
ACHIEVED
Delivered Bundles vs. Path Distance, Run at 20% Target Availability: Random Link Dynamics
[Chart: percent bundles delivered versus number of hops (3 to 7), DTN and TCP end-to-end transfer]
Delivery Performance for DTN and TCP
• Opportunistic routing found ways to deliver all traffic, regardless of hops
• TCP (end to end) could not find opportunities: end to end requires the complete path be available
• End to end is fundamentally unsuited for military operations. With 80% link availability the network is only 20% connected at 7 hops (0.8^7 ≈ 0.21); with 20% link availability it is 0.001% connected at 7 hops (0.2^7 ≈ 1.3 × 10^-5)
• End to end IP (without TCP) shares all these issues
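The two connectivity figures on this slide follow from independent link availabilities, and the contrast with custody transfer can be checked numerically. The script below is an added example written for this edit, not program or performer code. Its link model, in which every link is redrawn up or down each time slot independently with probability p, is an assumption standing in for the emulator's random link dynamics, and it counts slots rather than seconds.

```python
"""End-to-end path availability versus hop-by-hop custody transfer (added example)."""
import random


def e2e_path_availability(p: float, hops: int) -> float:
    """Probability that all `hops` links of a path are up at the same moment,
    assuming each link is up independently with probability p."""
    return p ** hops


def dtn_expected_slots(p: float, hops: int) -> float:
    """Expected slots for custody transfer over `hops` links: each hop waits a
    geometric(p) number of slots for its own next link, independently."""
    return hops / p


def simulate(p: float, hops: int, slots: int, bundles: int = 200,
             seed: int = 1) -> dict:
    """Fraction of bundles delivered within `slots` under both models.

    Link model (assumption): every link is redrawn up/down in each slot with
    probability p, independently of other links and of the previous slot.
    e2e: delivered in a slot only if every link is up in that slot; the
         transfer is retried every slot, which is generous to end-to-end.
    dtn: the bundle held at node k advances to node k+1 whenever link k is
         up; otherwise the custodian keeps it, so progress is never lost.
    """
    rng = random.Random(seed)
    e2e_done = dtn_done = 0
    for _ in range(bundles):
        position = 0                 # index of the current custodian; hops == destination
        e2e_delivered = False
        for _slot in range(slots):
            links_up = [rng.random() < p for _ in range(hops)]
            if not e2e_delivered and all(links_up):
                e2e_delivered = True
            if position < hops and links_up[position]:
                position += 1
            if e2e_delivered and position == hops:
                break
        e2e_done += e2e_delivered
        dtn_done += position == hops
    return {"e2e": e2e_done / bundles, "dtn": dtn_done / bundles}


if __name__ == "__main__":
    for p in (0.8, 0.2):
        print(f"p={p}: path fully up {e2e_path_availability(p, 7):.5%} of the time; "
              f"custody transfer expects {dtn_expected_slots(p, 7):.0f} slots")
    print(simulate(0.2, 7, slots=3600))
```

The two closed-form lines reproduce the 20% and 0.001% figures for seven hops. At p = 0.2 over 3600 slots the custody-transfer model delivers every bundle (about 35 slots each on average), while the end-to-end model, which needs all seven links up in the same slot, delivers almost none; that is the gap the chart shows between DTN and TCP.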
Delivery Ratio: Worst Case Dynamics, DTN versus End-to-End (E2E) Baseline
• DTN accomplished all deliveries for availabilities above the Go/NoGo criteria; would complete all if longer duration created opportunities
• End to end could not find sufficient opportunities in any disrupted scenario; failed completely below 50% availability
[Chart: % bundles delivered versus average link availability (0 to 100%), DTN and end to end]
Link Utilization Using DTN
[Chart: link utilization (0.5 to 1.0) versus link availability (0 to 0.9)]
• DTN effectively used all available link capacity; the network was so dynamic that end to end would not be aware of opportunities to use
• Efficiency decreases at high availability, as there is more overhead and early completion of transfers
• Phase 2 will develop technology to adapt and use both end to end and DTN based on which would be most effective
Trusted Delivery GNG Metric: ACHIEVED
Phase 1 Go/No Go: "Demonstrate Trusted Delivery"
• Demonstrate rejection of message from unauthenticated sender
• Demonstrate authentication and forwarding of message from trusted sender
• Demonstrate payload data encryption
DTN will not propagate Distributed Denial-of-Service Attack
DTN will Detect & Reject Fraudulent (Forged Address) Messages
Trusted Delivery GNG Metric: ACHIEVED. Demonstrate rejection of message from unauthenticated sender
• Two sending nodes, one legitimate and one malicious, attempt to send a bundle in a network with the BAH feature enabled
• The malicious node (M1) sends a bundle without the appropriate BAH to the forwarding node (N2)
• Result: N2 rejects the bundle. ACHIEVED
• The legitimate sender (N1) sends a bundle with the appropriate BAH, allowing for successful authentication
• Result: N2 forwards the bundle to the destination (N3)
[Figure: N1 and M1 send to N2, which forwards to N3; a security perimeter is marked]
BAH: Bundle Authentication Header
Should have been part of the Internet from the beginning
Trusted Delivery GNG Metric: ACHIEVED. Demonstrate: 1) authentication and forwarding of message from trusted sender and 2) payload data encryption
• N1 sends a bundle to N4 (thru N2) with only the BAH activated
• The link between N2 and N3 is insecure, so policy at N2 requires payload data encryption
• N2 encrypts the payload, adds the PSH, and becomes the PSH-source, with destination N4 the PSH-destination for the bundle
• N4 receives the encrypted bundle from N3 (thru N2) and decrypts the message: ACHIEVED
[Figure: N1, N2 (PSH-Source), N3, N4 (PSH-Destination). BAH: Bundle Authentication Header; PSH: Payload Security Header; Red: cleartext; Black: ciphertext]
DTN Enables Security Partitioning Based on Traffic Policies Rather than Physical Topology
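The two trusted-delivery demonstrations above (BAH rejection and forwarding, then policy-driven PSH encryption) can be modelled in a few dozen lines. The script below is an added example written for this edit; it is not the Lehigh demonstration code and not a conforming implementation of the DTN Bundle Security Protocol. It assumes a symmetric link key shared by each trusted adjacent pair (M1, outside the perimeter, holds none), an end-to-end key shared by the PSH source N2 and PSH destination N4, and a stand-in cipher (HMAC-SHA256 keystream in counter mode with an encrypt-then-MAC tag) chosen only so that it runs on the Python standard library; a deployment would use an approved AEAD cipher. The node names, payloads and the `insecure_links` policy set are constructed for the example.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass


@dataclass
class Bundle:
    source: str
    dest: str
    payload: bytes
    psh: "dict | None" = None    # {"src","dst","nonce","tag"} once the payload is ciphertext
    bah: "bytes | None" = None   # tag under the key of the link the bundle last crossed


def _authenticated_bytes(b):
    """Everything the BAH covers: primary headers, the PSH (if present) and the payload."""
    psh = b.psh or {}
    return b"|".join([b.source.encode(), b.dest.encode(), psh.get("src", "").encode(),
                      psh.get("dst", "").encode(), psh.get("nonce", b""),
                      psh.get("tag", b""), b.payload])


def bah_sign(b, link_key):
    b.bah = hmac.new(link_key, _authenticated_bytes(b), hashlib.sha256).digest()


def bah_verify(b, link_key):
    if b.bah is None:
        return False
    expected = hmac.new(link_key, _authenticated_bytes(b), hashlib.sha256).digest()
    return hmac.compare_digest(b.bah, expected)


def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key, nonce, n):
    """Stand-in cipher (assumption): HMAC-SHA256 of (nonce || counter) as keystream."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def psh_encrypt(b, e2e_key, psh_src, psh_dst):
    """Encrypt the payload for psh_dst (encrypt-then-MAC) and attach the PSH."""
    nonce = os.urandom(16)
    ks = _keystream(_subkey(e2e_key, b"enc"), nonce, len(b.payload))
    ct = bytes(x ^ y for x, y in zip(b.payload, ks))
    tag = hmac.new(_subkey(e2e_key, b"mac"), nonce + ct, hashlib.sha256).digest()
    b.payload, b.psh = ct, {"src": psh_src, "dst": psh_dst, "nonce": nonce, "tag": tag}


def psh_decrypt(b, e2e_key):
    tag = hmac.new(_subkey(e2e_key, b"mac"), b.psh["nonce"] + b.payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, b.psh["tag"]):
        raise ValueError("PSH integrity check failed")
    ks = _keystream(_subkey(e2e_key, b"enc"), b.psh["nonce"], len(b.payload))
    b.payload, b.psh = bytes(x ^ y for x, y in zip(b.payload, ks)), None


def send_over_path(b, path, link_keys, e2e_keys, insecure_links):
    """Walk the bundle along path: each node verifies the BAH under the key of the
    link it arrived on (rejecting on failure) and, if its outgoing link is tagged
    insecure by policy, encrypts the payload for the bundle destination first."""
    trace = []
    for i, here in enumerate(path):
        if i > 0:
            prev = path[i - 1]
            key = link_keys.get((prev, here))
            if key is None or not bah_verify(b, key):
                trace.append(f"{here}: REJECT bundle from {prev} (missing or invalid BAH)")
                return trace
            trace.append(f"{here}: BAH from {prev} verified, payload is "
                         + ("ciphertext" if b.psh else "cleartext"))
        if i == len(path) - 1:
            if b.psh is not None and b.psh["dst"] == here:
                psh_decrypt(b, e2e_keys[(b.psh["src"], here)])
                trace.append(f"{here}: PSH verified, payload decrypted")
            trace.append(f"{here}: delivered {b.payload!r}")
            return trace
        nxt = path[i + 1]
        if (here, nxt) in insecure_links and b.psh is None:      # policy, not topology
            psh_encrypt(b, e2e_keys[(here, b.dest)], here, b.dest)
            trace.append(f"{here}: link to {nxt} is insecure, payload encrypted for {b.dest}")
        key = link_keys.get((here, nxt))
        b.bah = None                                             # no link key, no BAH
        if key is not None:
            bah_sign(b, key)                                     # after the PSH, so it is covered
        trace.append(f"{here}: forward to {nxt} {'with' if b.bah else 'without'} BAH")
    return trace


def demo():
    """The two slides: M1 sits outside the perimeter and holds no link key."""
    link_keys = {("N1", "N2"): os.urandom(32), ("N2", "N3"): os.urandom(32),
                 ("N3", "N4"): os.urandom(32)}
    e2e_keys = {("N2", "N4"): os.urandom(32)}
    return {
        "malicious": send_over_path(Bundle("M1", "N3", b"bogus"), ["M1", "N2", "N3"],
                                    link_keys, e2e_keys, set()),
        "legit": send_over_path(Bundle("N1", "N3", b"sitrep"), ["N1", "N2", "N3"],
                                link_keys, e2e_keys, set()),
        "psh": send_over_path(Bundle("N1", "N4", b"grid 18S UJ 2337 0655"),
                              ["N1", "N2", "N3", "N4"], link_keys, e2e_keys, {("N2", "N3")}),
    }


if __name__ == "__main__":
    for name, trace in demo().items():
        print(name, *("  " + line for line in trace), sep="\n")
```

Note the ordering in `send_over_path`: the PSH is added before the BAH is computed, so the hop-by-hop tag covers the security header, and N3 verifies and relays a bundle whose payload it cannot read. That is the partitioning-by-policy point of the slide: N3 is on the path but outside the confidentiality boundary, and a forged source address does not help M1 because it cannot produce a tag under a link key it does not hold.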
DTN System Architecture
[Figure: Bundle Engine over a Convergence Layer, offering bundle services: Autoconfiguration/Neighbor Discovery, Bundle Custody Transfer, Bundle End-to-end Reliability, Bundle Flow/Congestion Ctl., Bundle Encryption, Bundle TBD Services. Alongside the engine: Environmental Awareness, Other Routing Protocol, "DTNRG" Routing Protocol, "DARPA" Routing Protocol, DTN Policy/Management, and Process Rendezvous Plug-ins/DLLs. API legend: Protocol Composition API, Management API, Routing API, Configuration API, Environmental Awareness API.]
Single DTN Standard Will Be Extensible for Commercial or Uniquely Structured Military Apps Such As UAV Overflight, Sensor Nets, Tactical Disruption ...
Technology for a Common Routing Structure with Mission-Unique Algorithms
Wireless networks need diverse routing behaviors:
• "Open Biggest Battery First" (battery-powered systems)
• "Use Advantaged Node Last" (transient aircraft nodes)
• "Open Least Tx Energy Path First" (energy-starved systems)
• "Open Least Used Reasonable Path First" (fairness)
Extend, don't replace, COTS products
[Figure: an IRG DTN Network Standard Core (minimal protocol set) shared by the Commercial World, DoD Infrastructure and a DoD Sensor Field; each builds on the Core/Interoperable layer with its own extensions: vendor-unique extension (commercial DTN extension); GIG-unique routing algorithm, UAV flight schedule and battery-aware routing algorithm (military DTN extensions)]
Buy commercial, specialize to military
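One way to realise "common core, mission-unique algorithm" is a single shortest-path engine whose link cost is a plug-in. The Python below is an added example written for this edit, not the IRG core or any vendor extension; its five-node topology, the battery and load figures, and the four cost functions are constructed to mirror the behaviours listed on the slide.

```python
"""Common Dijkstra core with pluggable, mission-unique link-cost policies (added example)."""
import heapq
from typing import Callable, Dict, List, Tuple

# Constructed topology. Node attributes: remaining battery (Wh) and whether the
# node is an "advantaged" transient relay such as an aircraft.
NODES = {
    "S":   {"battery": 50,  "advantaged": False},
    "A":   {"battery": 90,  "advantaged": False},
    "B":   {"battery": 10,  "advantaged": False},
    "UAV": {"battery": 500, "advantaged": True},
    "D":   {"battery": 60,  "advantaged": False},
}
# Directed links: transmit power needed (mW) and recent utilisation (0..1).
LINKS = {
    ("S", "A"):   {"tx_mW": 200, "load": 0.1},
    ("S", "B"):   {"tx_mW": 50,  "load": 0.9},
    ("S", "UAV"): {"tx_mW": 800, "load": 0.0},
    ("A", "D"):   {"tx_mW": 200, "load": 0.1},
    ("B", "D"):   {"tx_mW": 50,  "load": 0.9},
    ("UAV", "D"): {"tx_mW": 800, "load": 0.0},
}

# A policy maps (from, to, link attributes) to a non-negative cost; inf means "do not use".
Cost = Callable[[str, str, dict], float]

POLICIES: Dict[str, Cost] = {
    # prefer relays with the most energy left
    "open biggest battery first": lambda u, v, l: 1.0 / NODES[v]["battery"],
    # route through the aircraft only if nothing else works
    "use advantaged node last": lambda u, v, l: 1.0 + (100.0 if NODES[v]["advantaged"] else 0.0),
    # minimise total transmit energy along the path
    "open least tx energy path first": lambda u, v, l: float(l["tx_mW"]),
    # fairness: spread load, but never over a link that is unreasonable to drive
    "open least used reasonable path first":
        lambda u, v, l: float("inf") if l["tx_mW"] > 500 else 1.0 + l["load"],
}


def shortest_path(src: str, dst: str, cost: Cost) -> Tuple[float, List[str]]:
    """Dijkstra over LINKS; the only mission-specific input is `cost`."""
    adj: Dict[str, List[Tuple[str, dict]]] = {}
    for (u, v), attrs in LINKS.items():
        adj.setdefault(u, []).append((v, attrs))
    best = {src: 0.0}
    heap = [(0.0, src, [src])]
    while heap:
        dist, u, path = heapq.heappop(heap)
        if u == dst:
            return dist, path
        if dist > best.get(u, float("inf")):
            continue                                   # stale heap entry
        for v, attrs in adj.get(u, []):
            c = cost(u, v, attrs)
            if c == float("inf") or dist + c >= best.get(v, float("inf")):
                continue
            best[v] = dist + c
            heapq.heappush(heap, (dist + c, v, path + [v]))
    return float("inf"), []


def plan_all(src: str = "S", dst: str = "D") -> Dict[str, List[str]]:
    """Run every policy through the same engine and return the path each one picks."""
    return {name: shortest_path(src, dst, cost)[1] for name, cost in POLICIES.items()}


if __name__ == "__main__":
    for name, path in plan_all().items():
        print(f"{name:40s} -> {' > '.join(path)}")
```

Each policy is a pure function of the candidate link and the node attributes, so a sensor field, a UAV overflight mission and a commercial deployment can ship different cost plug-ins without touching the routing engine. With the constructed topology, `plan_all` has the battery policy relay through the UAV, the energy policy through B, the fairness policy through A, and the advantaged-node policy avoiding the UAV altogether.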
University DTN testbeds (GaTech/UMass): urban ops experiment with multipath and rapid topology change (route breakage)
Long-term 24/7 experiment at low cost with mobile nodes, sensors, and throwboxes (analogs of tactical military wireless networks): urban and rural, manned and vehicular
DieselNet: routers in 40 busses in Amherst; initial deployment May 2004
Algorithmic Results
• Knowledge management: uniform information dissemination and improvement of buffer usage
• Resource management: virtual infrastructure with transport frames improves delivery rate in bottleneck scenarios
• Opportunistic routing: SCaTR framework improves delivery rate and reduces signaling overhead
• Reflective route planning: first DTN routing algorithm based on formal reasoning technology
• Flexible network simulation models with user-defined physical resource schedules
[Charts: delivery rate versus simulation time, no resource management versus virtual infrastructure (factor 2-3 increase); delivery rate versus simulation time against AODV (factor 5-6 increase); signaling overhead versus scenario size against AODV (factor 2-10 reduction)]
DTN Progressive Maturity
Phase 1: Protected, High Performance DTN for Static Applications with Store and Forward
Phase 2: Phase 1 + Protected DTN for Medium Scale, Static Applications with Caching and Distributed Query
Phase 3: Dynamically Self-Organized, Secure Local Store, Application Linkages, Proven
• Self-Organizing in Response to Network Needs
• Large Scale
• Red/Black Management of Persistent Data
• Integrate Push and Pull Metaphors
• Cognitive Caching
• Information Addressing (not Network Addressing)
• Multiple Native Networks (JTIDS, IP, EPLRS, ...)
• Initial Demo Board Implementation
• Demo in Military Scenario to Assess Utility
• Implement in Longer Term, Non-Military Application for Operational Experience
• Integrate into Military Networks
• Implement in Longer Term Non-Military Application to Acquire Experience
Progressive Technology Development Resulting in a Proven and Deployable Product
Merging Information and Networking
Policy & reasoning enable sophisticated queries over the network
• "I don't know exactly what I'm looking for, but I know how to describe it"
Late binding as a way of describing information
• Don't have to know where information resides: Google as a metaphor, not an overlay
• Late binding can occur in the information domain, not only the addressing domain
Want to build a formal structure for persistence and networking, a structure for solving tactical problems
• Analogous to Akamai, but Akamai is static. In tactical networks we must build our persistence architecture on the fly
Adaptation to Reflect Network Dynamics
DTN networks adapt to changing network topologies
• Storage configures itself around paths thru the (intermittent) network
• Self-forming Akamais for content distribution in response to network demands
• Caching as a result of delay-bandwidth product discontinuities
Military Utility: reduce (eliminate?) the burden of planning network deployment with unit deployment
• Planning costs currently comparable to or greater than people and equipment costs
• Network planning creates inertia/delay in deploying forces and reacting to unanticipated changes in the theatre
• Avoid the Comms planning cycle!
Content-based Networking
Support push from core, pull from edge, and meet-in-the-middle content-based networking
Steinbet: "Users will pull data as needed instead of having massive amounts of information pushed to them regularly, regardless of whether it is needed. ... a key tenet of net-centric warfare is that the consumers of information are smarter than their sources about what is needed operationally right now, and that they should be able to pull those data when they need it."
Enable users to subscribe to or query useful information services, and have data returned when there's a new event or query match
Edge networks can push data up into the network. Source analysis systems can query DTN storage for Wolfpack systems; this enables heterogeneous sensor data fusion
Distribute policies with bundles: much of the flexibility of Active Networks without as much risk. Update rules of engagement by disseminating policies thru DTN nets
Benefits of unifying networking and storage
• Request information by content/type rather than by network address
• "I want weather for my area" instead of "I want to ftp to 192.168.4.17"
• Ability to cache rather than waste wireless bandwidth: it's way cheaper to store data than to transmit it again
• Integrating the push-pull metaphor
• Pushing sends to everyone and wastes bandwidth, but can pre-place data
• Pulling serves a single user; the same data requested multiple times wastes bandwidth and incurs large delays in disrupted networks
• Akamai uses static caches in a wired network to mitigate bandwidth wastage and delay
• DTN Push/Pull exploits DTN in-network storage (persistent caches) and pub/sub protocols to create a dynamic and self-forming "Akamai"
• Temporal security: show the data as encrypted/unencrypted
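The bandwidth and delay claims on this slide and on the earlier "Push or Pull, Neither Optimal" slide can be put side by side with a short replay of one request pattern under the three strategies. The Python below is an added example written for this edit, not program code; the object size, the three-user request pattern, the catalog and the uplink schedule are constructed, and the edge node is a model of request coalescing rather than the program's cache design.

```python
"""Uplink cost of pull, push and a coalescing DTN edge cache (added example)."""
from statistics import mean

OBJECT_SIZE = 10_000  # bytes per object, one 10 KByte map tile (constructed)
CATALOG = ["map/18S", "weather/18S", "map/19T"]          # what the core can serve
MEMBERS = ["alice", "bob", "carol"]                        # users in one edge enclave
# Constructed request pattern: (slot, user, object name)
REQUESTS = [(1, "alice", "map/18S"), (2, "bob", "map/18S"), (3, "carol", "map/18S"),
            (6, "bob", "weather/18S"), (9, "alice", "map/18S")]
UPLINK_UP = {5, 10}   # slots in which the episodic reach-back link is up
HORIZON = 10


def run(strategy: str) -> dict:
    """Replay REQUESTS under one strategy: "pull", "push" or "dtn".

    pull: every request crosses the uplink on its own when the link is next up.
    push: the core multicasts the whole catalog to every member at the first
          uplink opportunity, whether or not anyone asked.
    dtn:  the edge node holds requests, fetches each distinct object once when
          the uplink is up, caches it and serves every waiter locally.
    Returns uplink bytes, local (enclave) bytes, mean delay and requests served.
    """
    if strategy not in ("pull", "push", "dtn"):
        raise ValueError(strategy)
    uplink = local = 0
    delays = []
    cache = set()        # objects held at the edge (push and dtn only)
    waiting = {}         # object -> [(user, slot requested)]
    pushed = False
    for t in range(HORIZON + 1):
        if t in UPLINK_UP:
            if strategy == "push" and not pushed:
                uplink += OBJECT_SIZE * len(CATALOG)                  # one transfer per object
                local += OBJECT_SIZE * len(CATALOG) * len(MEMBERS)    # fan-out to all members
                cache.update(CATALOG)
                pushed = True
            for name, waiters in waiting.items():
                if strategy == "pull":
                    uplink += OBJECT_SIZE * len(waiters)              # one copy per requestor
                elif strategy == "dtn":
                    uplink += OBJECT_SIZE                             # fetch once ...
                    cache.add(name)                                   # ... and keep it
                local += OBJECT_SIZE * len(waiters)                   # deliver to each waiter
                delays.extend(t - t0 for _, t0 in waiters)
            waiting.clear()
        for t_req, user, name in REQUESTS:
            if t_req != t:
                continue
            if name in cache:
                local += OBJECT_SIZE                                  # served from the edge
                delays.append(0)
            else:
                waiting.setdefault(name, []).append((user, t))        # wait for the uplink
    return {"uplink_bytes": uplink, "local_bytes": local,
            "mean_delay": mean(delays), "served": len(delays)}


def compare() -> dict:
    return {s: run(s) for s in ("pull", "push", "dtn")}


if __name__ == "__main__":
    for strategy, stats in compare().items():
        print(f"{strategy:>4}: {stats}")
```

With the constructed pattern, conventional pull sends 50,000 bytes over the episodic uplink (five copies of one 10 KByte object, three of them identical), while the DTN edge cache sends 20,000 (one fetch per distinct object) and has a lower mean delay because the repeat request is a local hit. Multicast push sends 30,000 bytes including an object nobody asked for and fans all of it out to every member, which is the pre-placement versus waste trade-off the slide describes.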
A New Security Model
Red-black separation derives from the philosophy that the control center is protected: once in the black, information is physically safe
With low-cost devices like WNaN, this is no longer true
• How to deal with the loss of equipment at the tactical edge?
• Information on this equipment is compromised with the equipment
How to change the security model to deal with equipment that can't be physically secured?
Rather than view red-black as physical separation, think temporal separation!
• Keep data encrypted unless the application is processing it
• Encrypted data lives in the local cache or edge network cache, decrypted by the app
• Use a DTN security "convergence layer shim" for apps; withdraw access by an app by revoking its cert or similar action
• DTN mechanism protects information "keyboard to eyeball": protection from app to app, not from node to node
[Figure: Temporal Security Model, time on the horizontal axis. Current: data decrypted at end system. DTN: data only decrypted for access.]